Account information belonging to League of Legends gamers accessed by intruders

Share this article:

Swords, shields and magic were not enough to fend off an attack that compromised tens of thousands of North American accounts for the popular online game League of Legends.

How many victims? More than 120,000.

What type of personal information? First and last names, usernames, email addresses and salted password hashes. Roughly 120,000 transaction records compiled prior to July 2011 were accessed, which contain "hashed" and "salted" credit card numbers.

What happened? Hackers gained access to the North American servers for Riot Games, the League of Legends developer and publisher. 

What was the response? An investigation is ongoing. Riot Games sent emails to affected players, who will be required to change their passwords to stronger ones that are harder to guess. Riot Games is adding new security features, including email verification and two-factor authentication.   

Details: Details were sparse as the investigation is ongoing. Riot Games is just one video game company to be compromised recently – Nintendo, Ubisoft and Konami were hit in July.

Quote: “We are taking appropriate action to notify and safeguard affected players,” said Riot Games CEO Brandon Beck and President Marc Merrill in the post. “We're sincerely sorry about this situation. We apologize for the inconvenience and will continue to focus on account security going forward.”

Source:, League of Legends, “Important Security Update and Password Reset,” Aug. 20, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters



More in The Data Breach Blog

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.

Marquette University notifies graduate applicants of possible breach

Settings for an internal file server were inadvertently modified, making graduate school applications accessible to anyone with Marquette University login credentials.